A network tap is an external monitoring device that mirrors the traffic that passes between two network nodes. A tap (test access point) is a hardware device inserted at a specific point in the network to monitor data.
A network tap usually has four ports. The first two ports connect to the two network nodes at either end of the wire that the tap is monitoring. The additional ports connect to the monitoring devices that receive the mirrored packet flows.
Network tap manufacturers build their products to be resilient and transparent so as to minimize or eliminate the effect they can have on production traffic. Taps designed to mirror the traffic without impeding the flow of the production traffic. Tap manufacturers also strive to make the device resilient in the event of a hardware failure. Some taps will draw power from the network itself rather than rely on its own power supply. Many taps are engineered to allow traffic to continue passing through them even if the tap itself stops functioning.
A passive network tap is an alternative to the integrated port mirroring functions -- referred to by Cisco as a Switched Port Analyzer (SPAN) port – that are available on many switches and routers. Unlike port mirrors and SPAN ports, a tap does not depend on the processing resources of a switch or router to generate mirrored traffic.